Lead – Data Protection

Why Airtel Mobile Commerce Limited?

At Airtel Mobile Commerce Limited, we act with passion, energy, and a can-do attitude. Innovation with an entrepreneurial spirit drive us. If you like “ordinary”, then we are not for you.

We champion diversity. We anticipate, adapt, and deliver solutions that enrich the lives of communities we serve. we roll up our sleeves to win with our customers.

By choosing Airtel Mobile Commerce Limited, you choose to be part of a winning team. All this in addition to a brilliant opportunity to build a career in your field of expertise, across our different operating companies in Africa.

Airtel Mobile Commerce Limited is proud to be an equal opportunity employer and remain fully committed to diversity and inclusion in the workplace.

Purpose of the Job 

The Data Privacy Compliance Manager (DPM) will be responsible for designing, implementing and testing compliance programs to ensure compliance with Data protection privacy, mobile money compliance laws in Malawi. This role involves developing, implementing, and reviewing privacy frameworks, policies, and practices to protect personal data. The DPM will be responsible for embedding privacy by designing all organizational processes and systems and be a point of company contact for privacy management.

Expected Key Results

Data Privacy Governance

• Ensure the organization’s compliance with applicable data protection laws in the Republic of Malawi and where applicable, international legislations.
• Developing and implementing internal privacy policies and procedures that align with legal requirements and industry standards and ensure that the same are updated in line with the set update periods.
• Monitor changes in privacy regulations and advise the organization on necessary adjustments.
• Keep a record of the business compliance obligations and monitor the compliance obligations including supporting the registration of the Company as data controller and data processor.

Data Privacy Management

• Regularly test the compliance requirements that are set out in the Privacy policies and Privacy Notices to ensure compliance to the same.
• Conduct Data Privacy Impact Assessments (DPIAs) to identify and mitigate risks associated with data processing activities, particularly those involving personal data.
• Guide product teams on implementing measures to minimize privacy risks and manage the implementation of Privacy by Design throughout the organization.
• Audit the legacy products and projects to ensure that they are compliant with the data privacy policy and data privacy laws requirements e.g. Audit of the Various Airtel Money Apps.
• Assess the privacy practices of third-party vendors and other third parties that the company shares personal data with.
• Evaluate the data protection practices of third-party vendors and service providers, ensuring they meet the company standards for data security and privacy.
• Review and advise on data protection clauses in contracts and agreements with vendors.
• Collaborate with the legal and IT departments, and business stakeholders to ensure that data collection, storage, processing, and sharing are aligned with the applicable laws and standards applicable in Malawi.
• Assist with data subject access requests, data deletion requests, and other privacy-related inquiries from individuals
• Act as the point of contact for data protection incidents and breaches, coordinating response efforts and ensuring timely reporting to relevant authorities and affected individuals as needed and maintain accurate records of incidents
• Work with cross-functional teams to investigate incidents, assess impact, and implement remediation measures

Airtel Money Compliance

• Identify and assess the compliance risks associated with the Opco’s current and future business activities including new products and services and new business relationships
• Co-ordination of regulatory inspections and examinations
• To identify and Implement Compliance Monitoring framework and prepare submit compliance status reports to the board on a regular basis
• Maintain AML/KYC risk data collection, analysis and preparing reports with recommendations to mitigate exposures.
• Investigate suspicious transactions and file Suspicious Activity Reports as required.
• Identify and assess the compliance risks associated with the current and future business activities including new products and services and new business relationships
• Create a culture of compliance by ensuring that management and staff embrace compliance by training.

Training and Awareness

• Develop and deliver training programs to enhance staff awareness of data privacy obligations including annual mandatory data privacy trainings to all employees.
• Promote a culture of privacy compliance and accountability across the organization.
• Assist and train other departments’ personnel, agents, and dealers on AML & Compliance issues to ensure a compliance culture within the company

Reporting

• Prepare routine and ad-hoc compliance reports to the Executive Risk Committee and to the Board Audit & Risk Committee.
• Engagement with stakeholders at Group and OpCo on Board reports
• Prepare internal & external compliance reports for the Group compliance office regarding external and regulatory compliance issues on AML/KYC

Key Competencies

• In-depth knowledge of key data privacy laws in Malawi.
• Proven experience in data protection compliance, preferably in the telecommunications, mobile money, technology or related technology sectors.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
• Analytical mindset with the ability to assess complex data protection issues and propose practical solutions.
• Experience in conducting data protection impact assessments and managing data protection incidents.
• Familiarity with privacy-by-design principles and their application in product development.
• Ability to work independently and manage multiple projects simultaneously

Key Competencies

• Bachelor’s degree in law, Business, Finance, Computer Science, or related field.
• Minimum 3 years work experience with hands- on experience developing and implementing Data Privacy compliance programs
• A certification related to data privacy, such as the Certified Information Privacy Professional (CIPP), Certified Information Privacy Technologist (CIPT) or Certified Information Privacy Manager (CIPM) will be added advantage.

Apply Now